Re: Xen nuisance messages

"Luke S. Crawford" <lsc%prgmr.com@localhost> writes:
> What I want is a userland program that can connect over the network
> to an 'entropy server' - a dedicated server with a hardware entropy
> generation dongle, and suck down the entropy it wants.
A problem with this approach is that if you want entropy to use for
generating keys, you have to keep the entropy hidden from the adversary.
The point, generally, is to create session keys, DH ephemeral half-keys,
etc. that are unpredictable to others. So getting cleartext random bits
doesn't really help if your threat model includes the local net (which
absent very special circumstances it seems like it should).